Wednesday, 20 November 2019

How DNS Over HTTPS (DoH) Will Boost Privacy Online

Electric blue lock icon in a circle.
Anci Valiart/Shutterstock.com

Companies like Microsoft, Google, and Mozilla are pushing forward with DNS over HTTPS (DoH). This technology will encrypt DNS lookups, improving online privacy and security. But it’s controversial: Comcast is lobbying against it. Here’s what you need to know.

What Is DNS Over HTTPS?

The web has been pushing towards encrypting everything by default. At this point, most of the websites you access are likely using HTTPS encryption. Modern web browsers like Chrome now mark any sites using standard HTTP as “not secure.” HTTP/3, the new version of the HTTP protocol, has encryption baked in.

This encryption ensures that no one can tamper with a web page while you’re viewing it or snoop on what you’re doing online. For example, if you connect to Wikipedia.org, the network operator—whether that’s a business’s public Wi-Fi hotspot or your ISP—can only see that you’re connected to wikipedia.org. They can’t see which article you’re reading, and they can’t modify a Wikipedia article in transit.

But, in the push towards encryption, DNS has been left behind. The domain name system makes it possible to connect to websites through their domain names rather than by using numerical IP addresses. You type a domain name like google.com, and your system will contact its configured DNS server to get the IP address associated with google.com. It will then connect to that IP address.

Performing a DNS lookup with the nslookup command on Windows 10.

Until now, these DNS lookups haven’t been encrypted. When you connect to a website, your system fires off a request saying you’re looking for the IP address associated with that domain. Anyone in between—possibly your ISP, but perhaps also just a public Wi-Fi hotspot logging traffic—could log which domains you’re connecting to.

DNS over HTTPS closes this oversight. When DNS over HTTPS, your system will make a secure, encrypted connection to your DNS server and transfer the request and response over that connection. Anyone in between won’t be able to see which domain names you’re looking up or tamper with the response.

Today, most people use the DNS servers provided by their internet service provider. However, there are many third-party DNS servers like Cloudflare’s 1.1.1.1, Google Public DNS, and OpenDNS. These third-party providers are among the first to enable server-side support for DNS over HTTPS. To use DNS over HTTPS, you’ll need both a DNS server and a client (like a web browser or operating system) that supports it.

RELATED: What Is DNS, and Should I Use Another DNS Server?

Who Will Support It?

Read the remaining 20 paragraphs



from How-To Geek https://ift.tt/37kTqfm

No comments:

Post a Comment